Hi, Your calculation makes a lot of assumptions which are wrong, for my setup.
We worked out a way to provide just-in-time (< 2 minutes) power on state for the target VM's, for when they are really needed + patching timeframes. Additionally the VM's are intended to be used as jump stations in case of support/troubleshooting for the end customers. While the guacamole vm's + some additional services run 24/7, average on-time for the bulk of the vm's is less than 5%/month. This makes things extremely cheap. The guacamole VMs are D8v3, and peak usage across all of them we had 80 users at the same time. Do note that these numbers come from guacamole logs, which does sometimes misfire. CPU almost never spikes more than 50%, and memory rarely spikes above 40%. These sizes and their risks have been agreed with the customer, so we know we can't support all users at once, but due to the nature of the work, this is a scenario that has almost zero probability. What we do struggle sometimes is when there's a cross regional need for access: we provide sharing profiles for all connections, and sometimes support engineers from 2 geographical locations need to connect to same target VM. That's when performance impact is huge. While Guacamole is physically close to the target, usually the second engineer is on different continent. Even if using the guacamole vm closer to him, then adds latency to the target vm, so there's no real good solution. Some other issues that our geo-distributed setup faces: • AADDS is single homed, so all ldap queries are ran in one single region. This adds delay on satellite guacamole vms when logging in • Mysql is also single homed. Cross region clusters have proven to be even less performant than single homed. This adds delay on administrative tasks on guacamole, so we only perform those on a dedicated smaller instance close to mysql. • User storage paths. We use azure blobs for iser storage, but then again this is single region, and can't (because of the setup) be mapped between multiple guacamole vm's. So when using a shared profile, access is sometimes restricted Lastly, the kind of activity the support engineers perform is not that graphic intensive, no video streaming. They mostly fire up remote consoles, examine logs or use their proprietary software for configuration/troubleshooting. Those 3 to 10 MBps seem way too high. Hope this helps. More details unfortunately I'm not comfortable sharing on such a large (well public) audience. Regards, Bogdan On 22 Jul 2024 at 08:38 +0530, Sean Hulbert <shulb...@securitycentric.net.invalid>, wrote: > You should look to the utility cost too, RDP will consume 3MBps - 10MBps on > 1080dpi res and more on larger screens (basic usage), Azure allows 5GB per > month free ingress, egress you have to worry about more. Now you have to take > memory and CPU in to account per session. > You stream any videos or heavy graphic images your bandwidth usage will go up > exponentially. > Easy Math: 730 hours in a month x 0.087 per GiB after 100GB free egress, if > you go over 150TB the price goes to 0.05 per GiB > Usable performance VM will need to have at lease 2x vCPU 8GB RAM min 75Gb > Storage. > No reservation: per VM just sitting there is $273.95ea I have added in all > the hidden costs people miss. This is before bandwidth. > Easy Math: 730 hours in a month x 0.195 = $142.35 > Support $100.00 per VM > Storage Capacity 1000GB = $20.80 > $273.95 x 2000VM = $547,900 per month > assuming you have special partner contract and only charged per user > $273.95 x 300 = $82,185.00 per month > Now if you are using basic 1 vcpu 1.75GB ram this price varies, however > performance will be poor. > To support 300 connections your Guacamole system specs will look something > like this: > vCPU 16 > RAM 64G > 10GBase-t > 10G Drive space min. > Double this if you are doing true load balancing. > > Please note that some calculations are from Azure the specs are from years of > experience. > Hope this information helps! > > Thank You > Sean Hulbert > > > Security Centric Inc. > A Cybersecurity Virtualization Enablement Company > StormCloud Gov, Protected CUI Environment! > > > Industry's most secure CMMC/iTAR virtual desktops! > > FedRAMP MIL4 in process (RAR) > System Award Management > CAGE: 8AUV4 > SAM ID: UMJLJ8A7BMT3 > > AFCEA San Francisco Chapter President > If you have heard of a hacker by name, he/she has failed, fear the hacker you > haven’t heard of! > > CONFIDENTIALITY NOTICE: This communication with its contents may contain > confidential and/or legally privileged information. It is solely for the use > of the intended recipient(s). Unauthorized interception, review, use or > disclosure is prohibited and may violate applicable laws including the > Electronic Communications Privacy Act. If you are not the intended recipient, > please contact the sender and destroy all copies of the communication. > Content within this email communication is not legally binding as a contract > and no promises are guaranteed unless in a formal contract outside this email > communication. > > igitur qui desiderat pacem, praeparet bellum!!! > > Epitoma Rei Militaris > On 7/21/2024 1:49 PM, Tribhuwan Phulera wrote: > > Hi Stefan Bogdan, > > > > Since you are using Apache Guacamole in such large scale for VMs accesses. > > Could you please share about the performance at peak times. > > As currently Apache Guacamole doesn’t have multi-node or HA deployment > > capability. > > > > Thanks & Regards, > > Tribhuwan > > > > From: Stefan Bogdan Cimpeanu <bog...@cimpeanu.org> > > Sent: Saturday, July 20, 2024 10:25 AM > > To: user@guacamole.apache.org > > Subject: Re: Companies Using Guacamole > > > > I'm using Guacamole in Azure to provide access to over 2000 vm's (as jump > > stations) catering for roughly 300 users, for a sweedish telecom company. > > > > The setup has been flawless for the past 3 years, and only uses 3 very > > average specs servers, geo-distributed (Europe, USA and Australia). > > > > Regards, > > Bogdan > > On 20 Jul 2024 at 02:02 +0530, Mike Wyatt <wyatt.m...@gmail.com>, wrote: > > > > > quote_type > > > I used it at a startup years ago for access to on-prem VMs that the GIS > > > team could access / know if a VM was free. > > > > > > Unfortunately I don't know if it's still in use. > > > > > > - Mike Wyatt > > > > > > > > > On Fri, Jul 19, 2024 at 12:59 PM Justin Kocian > > > <jus...@icanotes.com.invalid> wrote: > > > > quote_type > > > > Hello, > > > > > > > > I'm working on a writeup for our move to Apache Guacamole from AWS > > > > Workspaces, and am trying to locate a list of companies using > > > > Guacamole. Does anyone know of such a thing, or can anyone provide > > > > examples? We're a relatively small company, with less than 100 users, > > > > so the comparison doesn't need to be large companies (though that helps > > > > my case). > > > > > > > > Thanks!! > > > > > > > > -- > > > > > > > > Justin Kocian > > > > IT > > > > Direct: > > > >
